How to forward to a port / address (Redirect) with firewalld?

About

This page shows you how to forward your traffic based on a port with the forward-port rule.

How to forward the port 443 to the port 8443

As a zone option

As a zone option, you can add port forwarding directly, without using a rich rule.

firewall-cmd --add-forward-port=port=443:proto=tcp:toport=8443

Other commands are available to manage the forward-port option:

  • List IPv4 forward ports
firewall-cmd --list-forward-ports
  • Add the IPv4 forward port
firewall-cmd --add-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
  • Remove the IPv4 forward port
firewall-cmd --remove-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
  • Return whether the IPv4 forward port has been added
firewall-cmd --query-forward-port=port=<portid>[-<portid>]:proto=<protocol>[:toport=<portid>[-<portid>]][:toaddr=<address>[/<mask>]]
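
The spec syntax listed above can be checked before it reaches firewall-cmd, and the forward-port listing can be filtered for entries that send traffic to another address. This is an added example, not part of the original page: the function names, the sample listing and the 192.0.2.10 address are constructed, and the listing line format is assumed to follow the spec syntax.

```shell
# Added example: helpers around the forward-port spec (names are hypothetical).
# Constructed sample of `firewall-cmd --list-forward-ports` output.
SAMPLE_LISTING='port=443:proto=tcp:toport=8443:toaddr=
port=2222:proto=tcp:toport=22:toaddr=192.0.2.10'

# valid_port PORT[-PORT]: each port is 1..65535 and the range is ordered.
valid_port() {
  local lo="${1%%-*}" hi="${1##*-}" p
  case $1 in *-*-*) return 1 ;; esac
  for p in "$lo" "$hi"; do
    case $p in ''|*[!0-9]*) return 1 ;; esac
    [ "${#p}" -le 5 ] && [ "$p" -ge 1 ] && [ "$p" -le 65535 ] || return 1
  done
  [ "$lo" -le "$hi" ]
}

# build_forward_port PORT PROTO [TOPORT] [TOADDR]: print the forward-port option value.
build_forward_port() {
  local port="$1" proto="$2" toport="${3:-}" toaddr="${4:-}" spec
  valid_port "$port" || { echo "bad port: $port" >&2; return 1; }
  case $proto in tcp|udp) ;; *) echo "bad proto: $proto" >&2; return 1 ;; esac
  [ -n "$toport$toaddr" ] || { echo "need toport or toaddr" >&2; return 1; }
  spec="port=$port:proto=$proto"
  if [ -n "$toport" ]; then
    valid_port "$toport" || { echo "bad toport: $toport" >&2; return 1; }
    spec="$spec:toport=$toport"
  fi
  if [ -n "$toaddr" ]; then
    # Loose IPv4[/mask] character check only; firewalld does the real parsing.
    case $toaddr in *[!0-9./]*) echo "bad toaddr: $toaddr" >&2; return 1 ;; esac
    spec="$spec:toaddr=$toaddr"
  fi
  printf '%s\n' "$spec"
}

# offhost_forwards: print listing lines (stdin) whose toaddr is non-empty.
offhost_forwards() {
  local line
  while IFS= read -r line; do
    case $line in *:toaddr=?*) printf '%s\n' "$line" ;; esac
  done
}

# apply_forward SPEC: add to runtime and permanent config, then confirm (needs root).
apply_forward() {
  firewall-cmd --add-forward-port="$1" &&
    firewall-cmd --permanent --add-forward-port="$1" &&
    firewall-cmd --query-forward-port="$1"
}
```

On a live host, `firewall-cmd --list-forward-ports | offhost_forwards` lists the forwards that leave the machine, and `apply_forward "$(build_forward_port 443 tcp 8443)"` applies the page's 443 to 8443 redirect.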

With a rich rule

Add the forward-port rich rule

rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443

Example:

firewall-cmd --permanent \
  --add-rich-rule='rule family=ipv4 forward-port port=443 protocol=tcp to-port=8443'

The forward-port rule may also forward a packet to another address. The full rule format is:

<forward-port port="portid[-portid]" protocol="tcp|udp" [to-port="portid[-portid]"] [to-addr="address"]/>




